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CLAIM AMENDMENTS 
This listing of claims will replace all prior versions and listings of claims in the 
application. 
Listing of Claims 

1. (Currently Amended) A method of determining rules to be applied to a data packet 
arriving at a first interface within a data packet router, comprising the steps of: 

ft: associating at least two sets of rules with the first interface, at least one of the sets 

of rules being a shared set of mles also associated with a swond interface; 
bi determining a key of the data packet; and 

9i searching the at least two sets of rules fep- to determine at least one rule matching 

the ke v: and 

a pplying an action associated w ith the at least one aile to the data packet. 

2. (Original) The method of clahn 1 wherein the step of associating at least two sets of rules 
with the first interface includes associating at least one set of rules with the first interface alone, 

3. (Original) The method of claim I wherein the data packet is an internet protocol (BP) 
packet, wherein the interface is located within a router, and wherein the step of associating at 
least two sets of rules with the first interface comprises associating at least two access control 
listsJACLs) with the first interface. 
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4. (Original) The method of claim 3 wherein each rule has an associated action, each 
associated action being one of packet denial, packet allowance, packet counting, and packet 
copying- 

5. (Original) The method of claim 3 wherein the key is determined from information 
contained within a header of the DP packet. 

6. (Original) The method of claim 5 wherein the information from which the key is 
determined includes at least one of an IP source address, an IP destination address, a protocol 
number, a Transmission Control ProtocolAJser Datagram Protocol (TCP/UDP) source port, a 
TCP/UDP destination port, and an Internet Control Message Protocol code. 

7. (Currently Amended) The method of claim 1 wherein the step of searching the at least 
two sets of rules comprises the steps of: 

fk: determining a priority order for the at least two sets of rules; and 

hi ^searching for a rule matching the key in the at least two sets of rules in an order 

matching the priority order. 

8. (Currently Amended) A method of providing security in a data packet router at which a 
data packet arrives at a first interface, comprising the steps of: 
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a: ^associating at least two sets of rules with the first interface, at least one of the sets 

of rules being a shared set of rules also associated with a second interface, each rule in the at 
least two sets of rules having an associated action; 

b: determining a key of the data packet; 

6; searching the at least two sets of rules for at least one rule matching the key; and 

d: ^if at least one rule matching the key is found, applying the action associated with 

each of the at least one rule to the data packet. 

9. (Original) The method of claim 8 wherein the step of associating at least two sets of rules 
with the first interface includes associating at least one set of rules with the first interface alone. 

10. (Original) The method of claim 8 wherein the data packet is an internet protocol (IP) 
packet, wherein the interface is located within a router, and wherein the step of associating at 
least two sets of rules with the first interface comprises associating at least two access control 
lists (ACLs) with the first interface. 

11. (Original) The method of claim 10 wherein each associated action is one of packet denial, 
packet allowance, packet counting, and packet copying. 

12. (Original) The method of claim 10 wherein the key is determined fironi information 
contained within a header of the IP packet. 
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13» (Original) The method of claim 12 wherein the information from which the key is 
detemiined includes at least one of an IP source address, an IP destination address, a protocol 
number, a Transmission Control Protocol/User Datagram Protocol (TCPAJDP) source port, a 
TCPAJDP destination port, and an Internet Control Message Protocol code. 

14. (Cuirently Amended) The method of claim 8 wherein the step of searching the at least 
two sets of rules comprises the steps of: 

€ki determining a priority order for the at least two sets of rules; and 

b-, ^searching for a rule matching the key in the at least two sets of rules in an order 

matching the priority order. 

1 5. (Currently Amended) A line card comprising: 
a: a first interface; 

bi ^a second interface; 

6: a first set of rules associated with at least the first interface; 

a second set of rules associated with the first interface and with the second 

interface; 

ei ^means for searching the first set of rules and the second set of rules ^et-io 

detemiine at least one rule specific to individual data packets arriving at the first interface:? and 
applvinjg an action associated with the at least one rule to the data packets. 

-5- 
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16. (Original) The line card of claim 15 wherein the first set of rules and the second set of 
rules are Access Control Lists (ACLs). 

17. (Original) The line card of claim 15 wherein the first set of rules is associated with only 
the first interface. 

1 8. (Currently Amended) The line card of claim 17 further comprising: 
ft: a third interface; and 

b: a third set of rules associated with the first interface and with the second interface; 

and wherein the means for searching for at least one rule specific to individual data packets 
arriving at the first interface further comprises searching the third set of rules for such a nile, 

19. (Original) The line card of claim 1 5 further comprising 

means for associating the first set of rules and the second set of rules to the first interface 
according to a priority order, and 

wherein the means for searching for a rule comprises searching the first set of rules and 
the second set of rules in the order specified by the priority order. 

20. (Original) A packet switch comprising the line card of claim 1 5. 



-6- 
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2L (Currently Amended) A computer-readable medium including instructions for providing 
security in a data packet router at which a data packet arrives at a first interface, comprising: 

i^. ^instructions for associating at least two sets of rules with the first interface, at 

least one of the sets of rules being a shared set of rules also associated with a second interface, 
each rule in the at least two sets of rules having an associated action; 

b-. instructions for determining a key of the data packet; 

0: instructions for searching the at least two sets of rules for at least one rule 

matching the key; and 

4t ^instructions for applying the action associated with each of the at least one rule to 

the data packet, in the event that at least one rule matching the key is found. 



